The Top Take-Away Lessons from Unlocked Manchester

29 March 2017 by Alice Cullen

Yesterday hundreds of cyber-enthusiasts and business leaders descended on UKFast Campus to unlock the mystery of protecting your business online. The conference showcased the top experts in cybersecurity and business, with speakers including cyber analyst Graham Cluley, Lloyds Banking Group’s Justin Joyce and Cisco’s Terry Greer-King.

Having been terrified by a live hack, brain-boggled by the lock picking challenge and wowed by the panels, what did we learn? Here are our top take-aways from Unlocked Manchester 2017. Get ready for some valuable comment with the odd cliché…

1) Prevention is way better than the cure: We’ve heard it before but the common theme throughout every speaker and panel was that we should be treating cybersecurity like pre-emptive insurance, rather than as a response. As Graham Clulely said; once you see the malware screen, it’s too late!

2) The internet of things is literally the internet of everything: There are cows that produce 200mb of data, dishwashers that suffered with a server error, and baby monitors being used to launch DDoS attacks! Take a moment to think about the security of these devices; have you changed the default password?

3) Hackers don’t just steal data, they cause chaos: A twelve-word tweet by Associated Press caused a dip ($61m) in the American stock exchange. There was no attack on the White House, as the tweet claimed, but instead AP’s Twitter feed was hacked by the Syrian Electronic Army.

4) Just because it is popular doesn’t mean it is a good idea: Andi Pannell of Pentest found that Flash keyboard for Android was transmitting all of his data to China and had more than 49 permissions including posting ads to his phone’s unlock screen – which he estimates generate the app company around $425 million every single day. Simple advice: think about permissions before you download, don’t just assume because something is on Google Play that it’s ok to download.

5) Back up, back up, back up: Back up is really important. Having seen how quick and simple it was for Paul and Mark from Pentest to hack into a website and gain customer data, and having heard about the simplicity of ransomware attacks and the damage caused, it is essential to back up your data properly and regularly.

6) Ignorance is not bliss: In security researcher Scott Helme’s experience, businesses don’t want to know that they’ve been hacked and the only way that business leaders will take action is if the press are involved or they hear about a vulnerability via the mainstream media. In fact, it takes more than 100 days on average for a business to realise it has been compromised. Embrace ethical hacking, feedback from others and be aware! As Justin Joyce said: “Prevent, Detect, Protect.”

7) 50% of cybercrime is attacking small businesses: SME’s are prime targets according to Secarma’s Paul Harris. For all businesses cybersecurity needs to be a board-level issue and we need to keep talking about it.

8) It’s a risky business: The key to cybersecurity is understanding risk and how that balances with your investment into security and protection, according to Terry Greer-King of Cisco. We can never fully protect anything; even our homes are not impenetrable when the doors and windows are locked. Understanding the value of what you’re protecting vs the risk it faces vs the cost of protection is essential.